On 26/10/2018 at 09:21, Matus UHLAR - fantomas via bind-users wrote:
On 26.10.18 00:12, Frédéric Lochon wrote:
Today, I just set up a new zone of type "forward" but I have trouble making it work properly:
- my home network is allowed to send queries because it is "trusted"
- nobody from outside my home network is allowed to send queries because it is not "trusted"

As you can't have "allow-query" in a zone of type "forward", I don't find any nice solution.

You can and you also need to add allow-query for it.  However, since a forward
zone is not stored locally, all requests for it are forwarded, so you must
allow recursion for the zone, if you want to allow everyone to use it.


Hello,

This is what I wanted to do. But allow-query and allow-recursion are not allowed inside a zone of type forward.
That's why I'm looking for another solution.

Now I have a question, why do you want people from outside to access the forward
zone? Can't you slave it instead?


At the beginning I wanted to detect some specific DNS queries on my BIND.
Those queries are dummy (answers too...). It's used by some IoT devices to send "heartbeats" by using open access points with captive portal (usually, DNS queries are sent even if you don't authenticate).

So my first idea was to use BIND logging capabilities, but that's not applicable because BIND only logs everything or nothing.

So, I decided to write my own DNS server which would detect those queries, and because I have only 1 IPv4, I would let BIND forward the queries to my custom server (running on the same IP but another port).

Thus, slaving is not possible, as queries would be seen only by BIND.
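
The query matching that a custom server like the one described above has to perform, as an added example that is not part of the original message or of BIND: it parses the question section of a raw DNS query (RFC 1035 wire format) and reports whether the name falls under a heartbeat zone. The zone `hb.example.org` and all function names are assumptions made for illustration; `build_query` only constructs sample input.

```python
import struct

HEARTBEAT_ZONE = "hb.example.org"  # assumed placeholder zone, not from the thread


def parse_question(packet: bytes):
    """Return (qname, qtype, qclass) of the first question; ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # labels are at most 63 bytes; reject pointers
            raise ValueError("compression pointer in question name")
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels).lower(), qtype, qclass


def is_heartbeat(packet: bytes, zone: str = HEARTBEAT_ZONE) -> bool:
    """True if the query name is the zone itself or a name below it."""
    try:
        qname, _qtype, _qclass = parse_question(packet)
    except ValueError:
        return False             # malformed input is never counted as a heartbeat
    zone = zone.lower().rstrip(".")
    return qname == zone or qname.endswith("." + zone)


def build_query(name: str, qtype: int = 1) -> bytes:
    """Construct a sample query packet (test input only)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)
```

The match is on whole labels, so a name such as `nothb.example.org` is not mistaken for one under `hb.example.org`.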
